Redirecting ALL traffic from one ethernet port to another

So the title says it all.
My Linux knowledge is still limited, and I would like to know how I can achieve this.
Should I be using iptables to set this up? If so, could someone provide the commands?
(redirecting all incoming/outgoing traffic from eth1 to eth2, and vice versa)

Re: Redirecting ALL traffic from one ethernet port to another

Originally Posted by Lucifer

So the title says it all.
My Linux knowledge is still limited, and I would like to know how I can achieve this.
Should I be using iptables to set this up? If so, could someone provide the commands?
(redirecting all incoming/outgoing traffic from eth1 to eth2, and vice versa)

Thanks,

.L

Are you looking to set up a bridge or a route?

A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

Re: Redirecting ALL traffic from one ethernet port to another

Well I'm not sure how to call it.
An ethernet device on my first port needs to be connected to the internet on my second port, and I'm looking to set up some mitm attacks between those two ports, so all the traffic from the ethernet client can be sniffed.

Re: Redirecting ALL traffic from one ethernet port to another

Sounds to me like you want to act as a router.

This command will enable IP forwarding and have your machine act as a router:

Code:

echo 1 >/proc/sys/net/ipv4/ip_forward

It's more complex than running just that command, though. You will need to make sure you have set up your routes correctly on both your victim machine and on your router. You haven't given me enough information to help you any further, and I suspect you're going to need to do a lot more reading.

Re: Redirecting ALL traffic from one ethernet port to another

If you're actually going to be wiring the device in to the middle like that then a transparent bridge would work fine, as then it cannot be detected by normal means on the network and you can then use the virtual bridge interface to monitor the traffic, and you don't have to mess around with routing.

Re: Redirecting ALL traffic from one ethernet port to another

It surprises me that it's really that hard like you say.
You could indeed say my Linux box would be acting as a simple router between a client and the internet.
I just need to figure out how I can route every single packet from eth1 to eth2, and from eth2 to eth1, depending on the source/destination of course. I thought that would be easy to set up, but I can't figure out how to do it.

EDIT: To streaker69, bridging the connections like you say might do the job. How would I need to configure it? I always figured there would be a quick and easy command to do so, or am I mistaken?

Re: Redirecting ALL traffic from one ethernet port to another

EDIT: To streaker69, bridging the connections like you say might do the job. How would I need to configure it? I always figured there would be a quick and easy command to do so, or am I mistaken?

I'd think that a quick Google search for "bridge +linux" would probably find it quickly. That's how I found it when I did something similar.

Re: Redirecting ALL traffic from one ethernet port to another

Just as another hint on this, you do not need to bind IP to either interface or your bridge to monitor its traffic. If you want to stay completely silent on the LAN, you definitely do not want IP bound to these interfaces.

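Added example, not part of any post in this thread: a host-side audit that reports the two configurations discussed above, the `ip_forward` flag that makes a box route and the bridge devices (with their member ports) that make it forward at layer 2, plus interfaces in promiscuous mode. The function names, the root-directory argument and the `AUDIT_ROOT` variable are assumptions made for this example; the `/proc` and `/sys` paths are the standard Linux ones.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Function names and the root argument
# are hypothetical; root lets the checks run against a copied /proc and /sys.

# Echo 1 if IPv4 forwarding is enabled (host acts as a router), else 0.
ipv4_forwarding() {
    local f="${1:-}/proc/sys/net/ipv4/ip_forward"
    if [ -r "$f" ] && [ "$(cat "$f")" = "1" ]; then echo 1; else echo 0; fi
}

# A network device with a bridge/ subdirectory in sysfs is a bridge.
list_bridges() {
    local d
    for d in "${1:-}"/sys/class/net/*/bridge; do
        [ -d "$d" ] && basename "$(dirname "$d")"
    done
    return 0
}

# Member ports of bridge $2 appear as entries under its brif/ directory.
bridge_ports() {
    local p out=""
    for p in "${1:-}/sys/class/net/$2/brif"/*; do
        [ -e "$p" ] && out="${out:+$out,}$(basename "$p")"
    done
    echo "$out"
}

# Interfaces whose flags word has IFF_PROMISC (0x100) set.
list_promisc() {
    local f flags
    for f in "${1:-}"/sys/class/net/*/flags; do
        [ -r "$f" ] || continue
        flags=$(cat "$f")
        [ $(( flags & 0x100 )) -ne 0 ] && basename "$(dirname "$f")"
    done
    return 0
}

# One line per finding for the host rooted at $1 (default: the live system).
audit_host() {
    local root="${1:-}" dev
    echo "ip_forward=$(ipv4_forwarding "$root")"
    for dev in $(list_bridges "$root"); do
        echo "bridge=$dev ports=$(bridge_ports "$root" "$dev")"
    done
    for dev in $(list_promisc "$root"); do echo "promisc=$dev"; done
    return 0
}

audit_host "${AUDIT_ROOT:-}"
```

A workstation that reports `ip_forward=1`, or a bridge joining two physical ports, when it has no reason to route or bridge is worth a closer look.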